Snort mailing list archives

Re: How to start and monitor packets on windows


From: Rich Adamson <radamson () routers com>
Date: Thu, 20 Jul 2006 05:13:00 -0500

VINAY_SHARMA () advanex co jp wrote:
> Hi,
>
> I am new to Snort. I installed WinPcap, Snort 2.x and IDScenter on
> Windows XP. When I try to start Snort there is a fatal error:
>
> on telenet decode arguments:
>  port to decode telnet on: 21 23 25 119
>
> Error: c:\snort\rules\attack-responses.rules(11) => unknown
> classtype:bad-unknow
> fatal error, quiting..

The above is telling you the rules in the attack-responses.rules file have an 
error, it's probably on line 11, and unless you copy/pasted the error 
message incorrectly, it looks like "bad-unknow" should have an "n" at 
the end of that string.

> If I try to run snort from the command line in the bin directory with
> snort -v -i1, it will start, but I cannot see any packet transactions
> when I am browsing any site.

Then either interface "-i1" is incorrect, or, the sniffing interface is 
attached to an ethernet switch that is masking the data from you. If you 
are using a switch, you'll either need to replace it with a hub, 
purchase a "tap", or change your network somehow to see the traffic of 
interest.


